<?php
	// Where the file is going to be placed 
//	$subdir = date("Y-m");
//	$file_path = $_SERVER["DOCUMENT_ROOT"] . "/dropped_files/" . $subdir;
//	mkdir($file_path, 0777);
//	chmod($file_path, 0777);

	function getRandomString($length) {
		// Generate random filename
  		$rand_filename = "";
		$possible = "0123456789bcdfghjkmnpqrstvwxyz";
		 
		// set up a counter
		$i = 0; 
    
		// add random characters to $password until $length is reached
		while ($i < $length) { 

			// pick a random character from the possible ones
			$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
    
			// we don't want this character if it's already in the password
    		if (!strstr($rand_filename, $char)) { 
      			$rand_filename .= $char;
      			$i++;
    		}
  		}
  		
  		return $rand_filename;
	}
	
	$file_path = $_SERVER["DOCUMENT_ROOT"] . "/dropped_files/";
	
	/* Add the original filename to our target path. Result is "uploads/filename.extension" */
	$target_path = $file_path . "/" . basename($_FILES['uploadedfile']['name']);
	
	$forbiddenMimes = array('application/octet-stream'); // EXE not allowed

    if( in_array($_FILES['uploadedfile']['type'], $forbiddenMimes) == false ) {
    	    	
    	$filename = basename($_FILES['uploadedfile']['name']);
    	$file_parts = explode(".", $filename);
    	$array_size = sizeof($file_parts);
    	$file_extension = "." . $file_parts[($array_size-1)];
    	    	
    	$rand_filename = getRandomString(24) . $file_extension;
    	
    	while( file_exists($file_path . "/" . $rand_filename) ) {
			$rand_filename = getRandomString(24) . $file_extension;
		}
    	
    	
    	// Rename file if it already exists.
//    	$i = 0;
//    	while( file_exists($target_path) ) {
//    		$i++;
//			$file_parts = explode(".", basename( $_FILES['uploadedfile']['name']));
//			$array_size = sizeof($file_parts);
//			
//			$tmp_filename = $file_parts[($array_size-2)] . "-" . $i;
//			$file_parts[($array_size-2)] = $tmp_filename;
//			
//			$new_filename = implode(".", $file_parts);
//			$target_path = $file_path . "/" . $new_filename;
//			
//			$filename = $new_filename;
//		}
//		$_FILES['uploadedfile']['name'] = $filename;

    	
		if(@move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
			
			$statusmessage = "";
			$rename_status = rename($target_path, $file_path . $rand_filename);
			if( $rename_status < 1 ) {
				unset($target_path);
				$statusmessage = "Problem copying the file. Try again.";
			}
			
			$browser_info = @get_browser(null, true);
			$file_name_random = $rand_filename;
			$file_name = addslashes(basename( $_FILES['uploadedfile']['name']));
			$file_size = $_FILES['uploadedfile']['size'];
			$file_type = addslashes($_FILES['uploadedfile']['type']);
			$browser = $_SERVER["HTTP_USER_AGENT"];
			
			// get IP
			if (getenv(HTTP_X_FORWARDED_FOR)) {
				$ip = getenv(HTTP_X_FORWARDED_FOR);
			} else {
				// $ip = $_SERVER["REMOTE_ADDR"];
				$ip = getenv(REMOTE_ADDR);
			}
			
			// Files maximum 10MB
			if( $file_size > 10000000) {
				unset($target_path);
				$statusmessage = "File is too big! 10MB maximum!";
			}
			
			// If there is no error, do the database entry
			if( strlen($statusmessage) < 2 ) {
				// DATABASE ENTRY
				unset ($db);  
				
				if (!($db = mysql_connect("localhost", "web45", "ocarina."))) { 	
					 die("Cannot connect to database"); 
				} if (!mysql_select_db("usr_web45_3", $db)) { 	
					 die("Cannot connect to database"); 
				} 
			
				$insert = "INSERT INTO dropped_files (ip, file_name_random, file_name, file_size, file_type, browser) " .
					"VALUES ('$ip', '$file_name_random', '$file_name', '$file_size', '$file_type', '$browser') ";
				$insertnow = mysql_query($insert, $db);
				
				$statusmessage = "The file " .  basename( $_FILES['uploadedfile']['name']) . " has been uploaded.";
			}
	    	
	    	echo $statusmessage;
		} else {
	    	echo "There was an error uploading the file, please try again!";
		}
	} else {
		echo "Forbidden file type.";
	}
?>